September 2013

The access control industry’s move to open standards is cultivating a broad range of interoperable products with enhanced features and security. Open standards also ensure that solutions can be easily upgraded to support changes in technology and applications, and give users the confidence that investments in today’s technologies can be leveraged in the future.

One recently established standard that delivers significant user benefits is the Open Supervised Device Protocol (OSDP) with Secure Channel Protocol (SCP). The specification provides bi-directional communications and security features for connecting card readers to control panels or other security management systems, which improves integration to support advanced applications and data encryption between components. Bi-directional communication is particularly beneficial, enabling users to change configurations and to poll and query readers from a central system, which reduces costs while speeding and simplifying configuration and improving the ability to service readers.

Unlike earlier uni-directional protocols, including the Wiegand interface for RFID readers and the clock-and-data signal approach used with magnetic stripe readers, OSDP enables continuous reader status monitoring and can immediately indicate a failed, missing or malfunctioning reader. It can also provide tamper detection and indication capabilities. All signaling is performed over two data lines plus ground, which cuts costs compared to Wiegand by enabling the use of four-conductor cables, rather than six-conductor cables, to power the reader and to send and receive data.

In announcing the OSDP project in November 2011, SIA Standards Chairman Steve Van Till said, “We think that there is a glaring need for this type of specification… There is currently no standard protocol for interfacing readers to physical access control systems, other than the outdated Wiegand protocol, which does not support advanced operations such as those required for public key infrastructure (PKI).” SIA expects OSDP with SCP to replace the Wiegand interface in many applications that require larger data sizes, two-way communications, or encryption, such as smart card deployments, federal PKI-based systems, and identity management applications.

The addition of SCP to OSDP has brought strong authentication capabilities that enable secure and trusted communications and connections. SCP, which has many years of proven use, was developed by GlobalPlatform, an industry standards body that works across industries to identify, develop and publish specifications that facilitate the secure and interoperable deployment and management of multiple embedded applications on secure chip technology. To establish a session using SCP, the client and server mutually authenticate each other and a set of keys is established for the session. The secure channel is then terminated and the session keys destroyed whenever any error is detected in the SCP.
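The session lifecycle described above (mutual authentication, per-session keys, teardown on any error) can be sketched as follows. This is an added example, not code from the OSDP or GlobalPlatform specifications or from any vendor: the class and function names are hypothetical, a pre-shared base key is assumed, HMAC-SHA256 stands in for the cryptograms of a real SCP, and only authentication and message integrity are shown, not encryption.

```python
import hashlib
import hmac
import secrets

class ChannelError(Exception):
    """Any authentication or integrity failure."""

def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    # HMAC-SHA256 stand-in (assumption) for the cryptograms a real SCP uses.
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()

class Endpoint:
    def __init__(self, role: str, base_key: bytes):
        self.role, self._base_key = role, base_key  # role: "panel" or "reader"
        self.nonce = secrets.token_bytes(8)         # fresh challenge per session
        self.keys = None                            # per-direction MAC keys

    def proof(self, role: str, n_p: bytes, n_r: bytes) -> bytes:
        # Proof of base-key possession, bound to both nonces and the prover's role.
        return prf(self._base_key, b"auth-" + role.encode(), n_p, n_r)

    def accept(self, peer_role: str, peer_proof: bytes, n_p: bytes, n_r: bytes):
        if not hmac.compare_digest(self.proof(peer_role, n_p, n_r), peer_proof):
            self.teardown()
            raise ChannelError("peer failed authentication")
        # Session keys depend on both nonces, so they differ for every session.
        self.keys = {r: prf(self._base_key, b"mac-" + r.encode(), n_p, n_r)
                     for r in ("panel", "reader")}

    def seal(self, payload: bytes) -> bytes:
        if self.keys is None:
            raise ChannelError("no session")
        return payload + prf(self.keys[self.role], b"", payload)[:16]

    def open(self, peer_role: str, frame: bytes) -> bytes:
        if self.keys is None:
            raise ChannelError("no session")
        payload, tag = frame[:-16], frame[-16:]
        if not hmac.compare_digest(prf(self.keys[peer_role], b"", payload)[:16], tag):
            self.teardown()  # any error ends the channel, as the text describes
            raise ChannelError("bad MAC, session destroyed")
        return payload

    def teardown(self):
        self.keys = None  # drops references; Python cannot guarantee zeroed memory

def handshake(panel: Endpoint, reader: Endpoint) -> None:
    n_p, n_r = panel.nonce, reader.nonce
    panel.accept("reader", reader.proof("reader", n_p, n_r), n_p, n_r)
    reader.accept("panel", panel.proof("panel", n_p, n_r), n_p, n_r)
```

After a failed MAC check the receiving endpoint holds no session keys, so even a previously valid frame is rejected until a new handshake completes.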

HID Global has made significant contributions to the OSDP specification, and is one of the first to support OSDP with SCP in its reader portfolio as part of its iCLASS SE platform. iCLASS SE platform readers with OSDP enable central, which lowers operational costs by making them faster and easier to configure and service. The readers also increase security because each device uses a secure channel protocol to protect sensitive data, reducing the risk of unknown tamper. Finally, they save on wiring, since just two conductors are required rather than five or six for audio (beeper), visual (LED), supervision and data transactions (power excluded).

OSDP with SCP and other industry standards will continue to play an increasingly important role in the PACS industry, delivering improved security and new capabilities while ensuring that users can future-proof their infrastructure investments with highly adaptable solutions that can grow and evolve.

It is often said that innovation comes from the confluence of several existing technologies. Today, we have such an event occurring in smartphones, with the de facto inclusion of accelerometers, the addition of personal wireless technology (NFC and Bluetooth), and a powerful computing platform that is (almost) always connected. Voila!

This is a perfect recipe for disruptive innovation in the access control market. Mobile access control, or using one’s NFC-enabled smartphone to access buildings, makes it possible for you to use your smartphone in the same way you use a mechanical key or smart card to open a door. Thanks to NFC and HID Global, a smartphone can now securely house “digital keys” with a user’s identity data. These smartphones with digital keys can be incorporated into the business infrastructure not only to open doors, but also to log in to computer networks and to perform many other traditional smart card applications.

This shift – that is, the corporate identity badge and access card moving onto NFC-enabled smartphones – ushers in an entirely new level of user convenience. It will also enable new forms and additional factors of authentication for increased security of a user’s identity in a world where security threats continue to grow and privacy assurances are increasingly critical. Mobile access control allows users to add GPS (where you are) as well as biometrics to traditional authentication methods (something you know, such as a password, and something you have, such as a phone). The addition of gesture-based access control to this model will take authentication a step further by enabling a user to define a series of hand-motion sequences or gestures to be used to control the operation of an RFID-based device.

This means that when gesture-based access control is incorporated into an NFC smartphone, users will be able to define gesture-based passwords that can work in a two-dimensional mode similar to a combination lock. Users will also be able to utilize 3-D motions such as moving their phone to the left, right, forward and backward to trigger a door to open. So in the future when you see someone waving their phone at a secure door and it opens, don’t be surprised. “Open Sesame” has arrived!